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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

Claim 1-7 and 10-16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bowman-Amuah (6,405,364 Bl). 

In reference to claim 7, Bowman-Amuah discloses a system and method for building 
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2), the steps of the method comprising: identifying the security threats to the 
solution (column 18 lines 30-36); determining the security properties of the overall solution 
(column 49 line 66 to column 50 lines 53), Bowman-Amuah lists the properties provided by the 
components of the overall security solution; assigning selected security properties for the overall 
solution to components of the solution (column 124 lines 33-35), since the system requires 
security through out the system and therefore security properties need to be embedded in 
components of the solution; enumerating security requirements for infrastructure, components 
and operations (column 50 line 54 to column 51 lines 14); developing integrity requirements 
(column 18 lines 32-36). 

Although Bowman-Amuah does not disclose creating a functional technology diagram, 
Bowman-Amuah does disclose documenting the process (column 17 lines 64-67), which 
performs the function of the functional technology diagram. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the functional technology diagrams. One of ordinary skill in the art would 
have been motivated to do this because functional requirement diagrams capture the intended 



Application/Control Number: 09/838,749 Page 3 

Art Unit: 2135 

behavior of the system as shown in the documentation of the process that indicates the intended 
behavior; information that can later be used for testing. 

In reference to claim 1, Bowman- Amuah discloses a system and method for building 
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2). The system for analyzing a solution including a plurality of components 
comprising: a first system, which identifies the security threats for the solution (column 18 lines 
30-36); a second system, which identifies the security properties of the overall solution based on 
a set of security functions attributable to defined security subsystems (column49 line 66 to 
column 50 line 53); a third system which is coupled to the second system and which allocates 
security properties to the components of the solution based upon the selected functions which are 
derived from the nature and number of the security subsystems within the solution (column 51 
lines 1-25); a fourth system which is coupled to the third system for allocating the security 
properties to the components of the solution and which identifies functional requirements for the 
components, in terms of the Common Criteria, in order to comply with the security properties of 
the component allocated by the third system (column 124 lines 33-35); 

Bowman- Amuah does not expressly disclose the system documenting the requirements 
for the security component, however Bowman-Amuah does discloses documentation of the 
process (column 17 lines 64-67), wherein the process satisfies the requirements the requirements 
and the process are related matter. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to document the requirements for the security component. One of ordinary skill in 
the art would have been motivated to do this because information that can later be used for 
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testing wherein tests would be tailored to verify that the documented requirements have been 
satisfied. 

In reference to claim 2, wherein the second system, which identifies security properties 
of the overall solution, includes a component that uses standard security subsystems for 
identifying security properties (column 49 line 66 to column 50 lines 53). 

In reference to claim 3 wherein the standard criteria for identifying security properties 
includes a system which maps functions of standard security subsystems to an ISO standard 
1 5408 also known as Common Criteria. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 4, wherein the system further includes a system that documents the 
solution and the security assumptions using a solution design security methodology (column 2 
lines 30-43). 

In reference to claims 5 and 11-12, wherein the system further includes a system that 
provides integrity requirements using a standard set of criteria (column 1 8 lines 56-63). 

In reference to claim 6 wherein the standard set of criteria are in accordance with ISO 

15408. 
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Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to dp this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 10, wherein the method further includes the step of documenting the 
solution environment and security assumptions and using the environment and security 
assumptions in developing the security properties of the overall solution (column 17 lines 64-67). 

In reference to claim 13 wherein the step of determining the security properties of the 
overall solution includes the step of using the Common Criteria of ISO Standard 15408. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claims 14-15 wherein the step of using industry standard security criteria 
includes the step of using Common Criteria, which conforms to ISO Standard 15408. 

Although Bowman- Amuah discloses the use of standards, Bowman- Amuah does not 
expressly disclose the use of industrial standards. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 16, wherein the step of enumerating security requirements for 
infrastructure components and operations includes the step of identifying, enumerating and 
describing a number of standard security subsystems that in total represent the security function 
of the solution (column 49 line 66 to column 50 lines 53). 

Claims 8-9 are rejected under 35 U.S. C. 103(a) as being unpatentable over Bowman- 
Amuah as applied to claim 7 above, and further in view of Leighton et al (5,519,778). 

In reference to claim 8 t Bowman- Amuah does not disclose ranking the security threats to 
the solution and considering the biggest threats to the security. 

Leighton discloses categorizing (ranking) the security levels and therefore threats 
(column 6 lines 36-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman- Amuah. 
One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 
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In reference to claim 9, Bowman- Amuah does not disclose the step of ranking the 
security threats to the solution includes the step of doing less for security threats not considered 

substantial threats to the solution. 

Leighton discloses a hierarchy of security protection and therefore grading security needs 
(column 6 lines 37-67) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman- Amuah. 
One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (703) 305-8421. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (703) 305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

The 2100 Tech center will move to Carlyle in October 2004. The new telephone number 
for the receptionist is (571) 272-2100. The examiner's new telephone number will be (571) 272- 
3854. 
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Thursday, October 14, 2004 



